Spam levels on the increase

MessageLabs, the leading provider of messaging and web security services to businesses worldwide, today announced the results of its MessageLabs Intelligence Report for May 2008. Analysis highlights that spam levels are back on the increase with levels reaching 76.8 percent of all emails in May, heights not experienced since early 2007. The rise in spam, according to MessageLabs, is due to the change of tactics adopted by the spammers this month, moving further away from reliance on new and undetectable email attachments and moving toward the exploitation of free, mainstream hosted services such as Google Docs and Calendar and Microsoft SkyDrive.

“The savvy, intelligent and accurate cybercriminals of today seem to have abandoned the attachments tactic that was so innovative in late 2007 and are now focused on exploiting free hosted applications which have become mainstream in 2008,” said Mark Sunner, Chief Security Analyst, MessageLabs. “The spammers are taking advantage of the fact that these services are free, provide ample bandwidth and are rarely blacklisted; this is one more addition to the growing list of ways the spammers have succeeded in outsmarting traditional detection devices.”

In May, MessageLabs intercepted spam emails which contained links to spam contained in documents hosted on the Google Docs environment. With traditional spam filters not blocking links to the Google Docs domain, spammers are using this to their advantage, as well as tracking their success through the use of Google Analytics. Google Docs is not the only target of this kind on the spammers’ radar. They are also using Microsoft’s shared file hosting service, SkyDrive. Spam generated using this technique accounted for one percent of all unsolicited mail in May.

In addition to the variety of new spam techniques, MessageLabs also identified several new phishing exploits this month, including one which preyed on a bank’s environmentally conscious customers. Using the Srizbi botnet to launch the attacks, the phishers took advantage of the Central Bank in Missouri’s ‘Go Green’ campaign to lure recipients into sharing their bank details in order to register for eStatements. Also in May, MessageLabs uncovered evidence of phishing attacks claiming to be from HSBC bank which purported to be a secure connection via an https, however, closer inspection revealed that this was not the case and was actually a standard http link to a domain pretending to be the actual bank.

The battle of the botnets continued this month with the notorious but diminishing champion Storm being challenged by newer arrival, Srizbi. On 19 May, the Storm botnet distributed more than 81,000 copies of a new wave of malware with the amorous filename of iloveyou.exe, whereas Srizbi was deemed responsible for less prolific attacks but still accounted for more than 40 percent of all spam in May.

“If the distribution of malware by Storm this month was successful, we could expect to see a renewed deluge from Storm next month and further competition between Storm and Srizbi,” Sunner said.

Other report highlights

  • Web security: Analysis of web security activity shows 30.5 percent of all web-based malware intercepted was new in May, a decrease of 5.8 percent since April. MessageLabs also identified an average of 1,311 new websites per day harbouring malware and other potentially unwanted programs such as spyware and adware, an increase of approximately 100 per day compared with the previous month.
  • Spam: In May 2008, the global ratio of spam in email traffic from new and previously unknown bad sources, was 76.8 percent (1 in 1.30 emails), an increase of 3.3 percent on the previous month.
  • Viruses: The global ratio of email-borne viruses in email traffic from new and previously unknown bad sources, was 1 in 170.1 emails (0.59 percent) in May, an increase of 0.13 percent since the previous month.
  • Phishing: May saw a decrease of 0.11 percent in the proportion of phishing attacks compared with the previous month. One in 265.6 (0.38 percent) emails comprised some form of phishing attack. When judged as a proportion of all email-borne threats such as viruses and Trojans, the number of phishing emails rose by 23.4 percent to 64 percent of all email-borne malware threats intercepted in May.

Geographical trends

  • In May, Hong Kong remained in the top spot as the most spammed country with spam levels reaching 85.9 percent of all email. The largest increase in spam levels was observed in Singapore, with an increase of 9.7 percent.
  • Spam levels increased across almost every region. In the US, levels reached 73.4 percent in May, 77.7 percent in Canada and 71.3 percent in the UK. Germany’s spam rate reached 72.8 percent and the 74.3 percent in the Netherlands. Spam levels in Australia were 68.2 percent, 77.8 percent in China and 74.2 percent in Japan.
  • Virus activity rose across many countries in May, with the largest increase in France at .40 percent. Switzerland remains the most targeted country for viruses with levels of 1 in 87.6 emails.
  • Virus levels for the US were 1 in 393.3 and 1 in 193.7 for Canada. In the UK, virus levels were 1 in 101.7 and 1 in 235.6 for Germany. In Australia, virus levels were 1 in 189.9 and 1 in 597.5 for Japan.

Vertical trends

Spam levels rose across all industry sectors in May, with Manufacturing remaining the top vertical for spam activity at 83.7 percent. The greatest rise was noted in the Non-Profit sector, where spam levels rose by 7 percent to 81.3 percent.

Spam levels for the Retail sector were 80 percent, 75.7 percent for Public Sector and 71.1 percent for Finance.

Virus levels also rose across many industry verticals during May. Accommodation and Catering claimed the most virus activity with 1 in 43.8 emails infected.

Virus levels for the the Finance sector were 1 in 248.2, 1 in 226.7 for IT Services and 1 in 194 for Retail.

Source: MessageLabs